Our Insights

Financial institutions may use fintech to make their operational activities more efficient but must ensure compliance with AML/CFT requirements

January 19, 2018

This series focuses on the implications of fintech developments for both banks and bank supervisors. In this second instalment RBC Investor & Treasury Services explores how fintech may create challenges in meeting compliance requirements, such as anti-money laundering/counter terrorist financing obligations, particularly if risks and processes are not appropriately identified and managed

The growth in sophistication and availability of fintech continues to be a key topic for regulators and international authorities. The Basel Committee on Banking Supervision (BCBS) has warned that technology-enabled innovations are raising the challenges of meeting compliance requirements. In particular, as banks increasingly depend on fintech products and services, it may be more difficult for them to enforce and comply with anti-money laundering (AML) and countering financing of terrorism (CFT) obligations.

Key insights

The combination of machine learning techniques with DLT has the potential to ensure that regulators and banking supervisors are able to accurately monitor automated trades and audit trails

The European Central Bank is concerned that the outsourcing of cloud-based computing services could result in greater cyber risk

Without appropriate supervisory measures in place, banks and other financial institutions must be careful in assessing their regulatory risk when working with fintech firms. New technologies such as artificial intelligence (AI), distributed ledger technology (DLT) and cloud computing offer enormous opportunities for financial services firms but AML/CFT obligations must be adhered to.

Assessing compliance in automated trades

In a consultation paper published in partnership with the Bank of International Settlements in August 2017,1 the BCBS highlights that higher level of automation can result in less transparency on how transactions are executed. For instance, it might be difficult for banks or supervisors to confidently assess who bears the compliance responsibilities for trades performed by AI algorithms on behalf of third parties.2 It is necessary for banking supervisors to evolve and align with the pace of innovation and successfully monitor emerging technologies.

Despite the complexity of assessing compliance obligations when trades are automated, the Financial Stability Board believes that DLT may be able to bring greater transparency to how markets function.3 The combination of machine learning techniques with DLT has the potential to ensure that regulators and banking supervisors are able to accurately monitor automated trades and audit trails.

Regulating the disruptors

The BCBS warns that digital innovation has the potential to raise operational risk and exacerbate AML/CFT concerns. The adoption of new technologies, such as virtual cryptocurrencies, may result in the emergence of new cyber vulnerabilities. Fintech service providers offering services through these technologies may not conform to traditional KYC practices when onboarding customers and, in some cases, their customers are anonymous.

In Switzerland, efforts are being made to ensure that fintech start-ups are given support in becoming compliant with AML/CFT legislation. In October 2017, Payment21 became the first bitcoin payments processor to be licensed as a Directly Subordinated Financial Intermediary under the Swiss Financial Market Supervisory Authority.4 The license allows the firm to offer fully AML/CFT-compliant bitcoin transactions to merchants.

Handling data with confidence

As financial services firms become increasingly reliant on technology-enabled innovations to maintain competitive advantage, the use of big data has become more widespread. However, the BCBS further warns that the risk of not complying with data privacy rules may increase as firms become more dependent on third-parties to outsource their big data processing and handling.

There is the potential that greater intermediation could result in an ambiguity of compliance obligations and may increase the likelihood of operational incidents. Monitoring outsourcing risk is likely to become a key challenge for banks, especially if some financial services are to become dominated by international players and risk becomes more concentrated. When fintech companies are the service providers, banks will need processes in place to conduct due diligence, contract management and continued monitoring of operations.

There is the potential that greater intermediation could result in an ambiguity of compliance obligations

In its guide to assessments of fintech credit institution licence applications, the European Central Bank (ECB) notes that heavy reliance on cloud computing for outsourcing purposes could make the banking system more vulnerable to cyber threats.5The ECB recommends that financial services firms ensure that supervisors are fully able to audit all outsourced services for which they are responsible.

If banks are to process the transactions for the clients of fintech companies they will need reliable AML and CFT monitoring in place. Bank supervisors should cooperate with other public authorities responsible for oversight of regulatory functions related to fintech, and coordinate supervisory activities for cross-border fintech operations.